Fachschaft/nixConfig
6
2
Fork 2
Code Issues 10 Pull requests 2 Projects Wiki Activity

Compare commits

base: Fachschaft:a89dab0dbdb94035ee1d0500ce891b1378d9cb54
Branches Tags
Fachschaft:main
..
compare: Fachschaft:2673d101fb2f69327dc889a7682a05367f159999
Branches Tags
Fachschaft:main

1 commit
a89dab0dbd ... 2673d101fb

Author SHA1 Message Date
Gonne
2673d101fb Add pushing to hrz allowlist 2024-03-31 17:56:20 +02:00
1 changed files with 10 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

18
nixos/modules/mailman.nix
View file

@ -37,7 +37,7 @@ in {
proxy_interfaces = "130.83.2.184"; proxy_interfaces = "130.83.2.184";
smtputf8_enable = "no"; # HRZ does not know SMTPUTF8 smtputf8_enable = "no"; # HRZ does not know SMTPUTF8
}; };
relayHost = "mailout.hrz.tu-darmstadt.de"; # Relay to HRZ relayHost = "mailout.hrz.tu-darmstadt.de"; # Relay to HRZ (see https://www.hrz.tu-darmstadt.de/services/it_services/email_infrastruktur/index.de.jsp)
}; };
mailman = { mailman = {
enable = true; enable = true;
@ -45,11 +45,12 @@ in {
hyperkitty.enable = true; hyperkitty.enable = true;
webHosts = [cfg.hostName]; webHosts = [cfg.hostName];
serve.enable = true; # serve.enable = true; #
# Don't include confirmation tokens in reply addresses, because we would need to send them to HRZ otherwise.
settings.mta.verp_confirmations = "no"; settings.mta.verp_confirmations = "no";
}; };
nginx.virtualHosts.${cfg.hostName} = { nginx.virtualHosts.${cfg.hostName} = {
enableACME = true; enableACME = true; # Get certificates (primarily for postfix)
forceSSL = false; forceSSL = false; # Don't use HTTPS behind the proxy
}; };
}; };
@ -67,22 +68,23 @@ in {
networking.firewall.allowedTCPPorts = [25 80 443]; networking.firewall.allowedTCPPorts = [25 80 443];
# Update HRZ allowlist # Update HRZ allowlist
# # For account details see https://www-cgi.hrz.tu-darmstadt.de/mail/
# will stop working if no valid TUIDs are associated to our domain.
systemd.timers."mailAllowlist" = { systemd.timers."mailAllowlist" = {
wantedBy = ["timers.target"]; wantedBy = ["timers.target"];
timerConfig = { timerConfig = {
OnBootSec = "5m"; # Run every 5 minutes OnBootSec = "5m"; # Run every 5 minutes
OnUnitActiveSec = "5m"; OnUnitActiveSec = "5m";
RandomizedDelaySec = "1m"; # Randomized delay RandomizedDelaySec = "2m"; # prevent overload on regular intervals
Unit = "mailAllowlist.service"; Unit = "mailAllowlist.service";
}; };
}; };
systemd.services."mailAllowlist" = { systemd.services."mailAllowlist" = {
description = "Post the mail addresses used by mailman to the HRZ allow list"; description = "Allowlist update: Post the mail addresses used by mailman to the HRZ allowllist";
script = '' script = ''
# Parse addresses # Get the mail addresses' local-part
cut -d '@' -f 1 /var/lib/mailman/data/postfix_lmtp | grep -v '#' | grep "\S" > /tmp/addresses cut -d '@' -f 1 /var/lib/mailman/data/postfix_lmtp | grep -v '#' | grep "\S" > /tmp/addresses
# Post addresses to HRZ # Post local-parts to HRZ
${pkgs.curl}/bin/curl https://www-cgi.hrz.tu-darmstadt.de/mail/whitelist-update.php -F emaildomain=lists.mathebau.de -F password=$(cat /run/secrets/allowlistPass) -F emailliste=@/tmp/addresses -F meldungen=voll ${pkgs.curl}/bin/curl https://www-cgi.hrz.tu-darmstadt.de/mail/whitelist-update.php -F emaildomain=lists.mathebau.de -F password=$(cat /run/secrets/allowlistPass) -F emailliste=@/tmp/addresses -F meldungen=voll
# Cleanup # Cleanup
rm /tmp/addresses rm /tmp/addresses